From c10b47a5d12b94570067c4b412c3018630300e7f Mon Sep 17 00:00:00 2001
From: Reinier Zwitserloot <r.zwitserloot@projectlombok.org>
Date: Thu, 16 Dec 2021 21:21:38 +0100
Subject: [#3063] Whilst lombok is not vulnerable to Log4Shell, we do have the
 dependency on log4j, solely for testing purposes, and no user input is ever
 logged with it. Nevertheless, pushing the dep to 2.16 to avoid false
 positives from vulnerability scanners ruining the day.

---
 buildScripts/ivy.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/buildScripts/ivy.xml b/buildScripts/ivy.xml
index 808f2565..ab9ddf6e 100644
--- a/buildScripts/ivy.xml
+++ b/buildScripts/ivy.xml
@@ -45,7 +45,7 @@
 		<!-- test deps -->
 		<dependency org="junit" name="junit" rev="4.8.2" conf="test->default; sources" />
 		<dependency org="log4j" name="log4j" rev="1.2.17" conf="test->default; sources" />
-		<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.15.0" conf="test->default; sources" />
+		<dependency org="org.apache.logging.log4j" name="log4j-api" rev="2.16.0" conf="test->default; sources" />
 		<dependency org="commons-logging" name="commons-logging" rev="1.2" conf="test->default; sources" />
 		<dependency org="org.slf4j" name="slf4j-api" rev="1.8.0-beta2" conf="test->default; sources" />
 		<dependency org="org.slf4j" name="slf4j-ext" rev="1.8.0-beta2" conf="test->default; sources" />
-- 
cgit